Mailing List Archive

tcpserver & IPv6
Hello all,

I am playing around with IPv6 a bit and found those instructions on the
net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
however, after applying the patch exactly nothing changed. tcpserver
does not seem to bind itself to the IPv6 stack, also, there is no error
or informational message. Rest of the system including sshd, apache and
dovecot is already "dualhomed", so I know that kernel and other stuff is
pretty fine.

Any ideas?

regards Florian
Re: tcpserver & IPv6
On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
> Hello all,
>
> I am playing around with IPv6 a bit and found those instructions on the
> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
> however, after applying the patch exactly nothing changed. tcpserver
> does not seem to bind itself to the IPv6 stack, also, there is no error
> or informational message. Rest of the system including sshd, apache and
> dovecot is already "dualhomed", so I know that kernel and other stuff is
> pretty fine.
>
> Any ideas?
>
> regards Florian
>
>

You may want to provide a little more information, such as your Linux distribution?
Re: tcpserver & IPv6
On Mon, May 21, 2012 at 10:46:07PM +0200, Florian Leeber wrote:
> Hello all,
>
> I am playing around with IPv6 a bit and found those instructions on the
> net: http://www.brandonturner.net/blog/2009/08/qmail-ipv6-tcpserver/ -
> however, after applying the patch exactly nothing changed.

You may need to modify your run file; Felix's patch (which the above is
apparently based on) adds new -4 and -6 arguments to tcpserver. Post
your qmail-smtpd run file here.

Also what operating system are you using?

Nicolai
Re: tcpserver & IPv6
Dear Panashe,

Yes, sorry, forgot: it's a Debian sarge/squeeze with kernel 2.6.26-2-amd64.

regards Florian


Quoting Panashe Flack <lists222@m.l.vaunt.eu>:

> you may want to provide a little more information, such as your
> linux distribution?
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Re: tcpserver & IPv6
Hello,

As I read it, I expected that I do not need those switches. And here's
the run file:

start-stop-daemon --start --user qmaild \
--pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
--exec \
/usr/bin/tcpserver -- -R -H -l $HOSTNAME \
-u vpopmail -g vpopmail -x /etc/tcp.smtp.cdb 0 smtp \
$rblsmtpd /usr/sbin/qmail-smtpd \
/var/vpopmail/bin/vchkpw /bin/true 2>&1 \
| /usr/bin/multilog t n14 s1000000 /var/log/smtp &

Quoting Nicolai <nicolai-qmail@chocolatine.org>:

> You may need to modify your run file; Felix's patch (which the above is
> apparently based on) adds new -4 and -6 arguments to tcpserver. Post
> your qmail-smtpd run file here.
>
> Also what operating system are you using?
>
> Nicolai
>



Re: tcpserver & IPv6
Hi Florian (and all who are interested),

currently I'm working on IPv6, and in particular its integration into ucspi-ssl and qmail.
Felix already did most of the coding ;-)

Let me try to explain parts of the problem:

Your IPvX settings:

a) In your setting, you use IPv6 enabled tcpserver to catch any TCP packet for port 25.
You bind tcpserver to ANY available IP address by means of the '0'

b) tcpserver will happily accept any IPv4 AND IPv6 packet on any (at start) available IP address.

c) The IPv4 addresses your host has are '0.0.0.0' (unspecified), '127.0.0.1' (loopback) and the
dedicated address, let's say 1.2.3.4.

d) The IPv6 addresses your host has are '::' (unspecified), '::1' (loopback), the link-local LLU
address (fe80:....), and the Global IPv4 address, typically 2001:......

e) In case you have turned on the IPv6 privacy extension, additional LLU AND Global addresses
will come and go. I doubt this is going to work with tcpserver anyway.

Your smtp.cdb:

f) Let's consider tcpserver receives an IPvX packet. It needs to look inside the cdb.
Here you may have defined some IP based rules, typically '127.0.0.1:allow'.

g) The kernel of your OS will translate any IPv4 DA in the packet to an IPv4-mapped IPv6 address.
The lookup will fail.

h) tcpserver's rules work neither with IPv4 CIDR addresses nor with IPv6 addresses.
For the first problem I have provided a patch; the second issue I'm working on (better:
one of my students).

Some solution:

i) Always bind tcpserver (and perhaps sslserver) to a dedicated IPv4/IPv6 address.
j) Use distinguished smtpd.cdbs for each case.

Of course:

k) rblsmtpd currently does not support IPv6 addresses.


Good luck and best regards.

--eh.

PS: You can check for some system commands to tune IPv6 in my talk about the Router Advertisement Protocol:

http://www.fehcom.de/ipnet/ipv6_en.html



On 22.05.2012 at 09:33, flori@bin.org.in wrote:

> Hello,
>
> as I read it I expected that I do not need those switches. And here's the run file:
>
> start-stop-daemon --start --user qmaild \
> --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
> --exec \
> /usr/bin/tcpserver -- -R -H -l $HOSTNAME \
> -u vpopmail -g vpopmail -x /etc/tcp.smtp.cdb 0 smtp \
> $rblsmtpd /usr/sbin/qmail-smtpd \
> /var/vpopmail/bin/vchkpw /bin/true 2>&1 \
> | /usr/bin/multilog t n14 s1000000 /var/log/smtp &
>



--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE
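
Points f) and g) of the message above, as an added example that is not part of the original post and is not tcpserver's code: a simplified model of IP-based rule lookup, showing how a peer presented as an IPv4-mapped IPv6 address misses the IPv4 rules and falls through to the default, and what the same lookup returns once the address is unmapped. The rule set, `lookup` and `normalize` are constructed for illustration.

```python
import ipaddress

# Constructed rule set in the style of a tcp.smtp file (not from the thread):
# exact address, dotted prefix, and an empty-key default.
RULES = {
    "127.0.0.1": "allow,RELAYCLIENT",
    "192.0.2.": "deny",
    "": "allow",
}


def lookup(rules, ip_text):
    """Simplified model: exact match, then shorter dotted prefixes, then default."""
    if ip_text in rules:
        return rules[ip_text]
    parts = ip_text.split(".")
    for n in range(len(parts) - 1, 0, -1):
        key = ".".join(parts[:n]) + "."
        if key in rules:
            return rules[key]
    # Assumption of this model: no default rule means deny.
    return rules.get("", "deny")


def normalize(peer_text):
    """Turn an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back into a.b.c.d."""
    addr = ipaddress.ip_address(peer_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def compare(peer_text):
    """Return (decision on the raw peer string, decision after unmapping)."""
    return lookup(RULES, peer_text), lookup(RULES, normalize(peer_text))


if __name__ == "__main__":
    # Constructed peers as a dual-stack listener would report IPv4 clients.
    for peer in ("127.0.0.1", "::ffff:127.0.0.1", "::ffff:192.0.2.55", "2001:db8::25"):
        raw, unmapped = compare(peer)
        print(f"{peer:22} raw={raw:18} unmapped={unmapped}")
```

In this model the mapped form of a denied IPv4 client is answered by the default rule, and the loopback relay rule is never reached.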
Re: tcpserver & IPv6
Hello Erwin,

thanks as always for the precise analysis ;-)...

I understand that there is still some or significant effort needed,
but I want also to learn more about these issues since they might
affect future decisions sooner or later.

Practically I fail already in step b) as tcpserver does exactly not
listen to any ip6 enabled interface. And I only have the 4 you
mentioned, not more :)

So I doubt that the value of "0" does function correctly to enable
bindings on both stacks. Whatever prevents it from doing so... the
executable shows the correct cmdline arguments, so it must be the
patched one, no "lost update" issue:

usage: tcpserver [ -461UXpPhHrRoOdDqQv ]

But, what Nicolai suggested, adding those -4 or -6 parameters will do
completely different things than to enable the stack binding, at least
that's what the manpage told me.

So for playing around, maybe you can help me to get this going, and
then we talk about step g) and h) later.... :)

thanks Florian


Re: tcpserver & IPv6
Hello Erwin & all,

it works now. Too stupid to figure out that the qmail stop script was
not terminating tcpserver properly and the old version kept running.
Have to look into this strange behaviour of course.

I think relay control will not be an issue, I have either incoming
mail which terminates at this server, or smtp users who log in via
IPv4 or local IPv4 webmail/sendmail, so I would not need any relay
rules right now.

regards Florian
